Top

Published in:

2022 | OriginalPaper | Chapter

Secure Ownership Transfer for Resource Constrained IoT Infrastructures

Authors : Martin Gunnarsson, Christian Gehrmann

Published in: Information Systems Security and Privacy

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Internet of Things or IoT deployments are becoming more and more common. The list of use-cases for IoT is getting longer and longer, but some examples are smart home appliances and wireless sensor networks. When IoT devices are deployed and used over an extended time, it is not guaranteed that one owner will control the IoT devices over their entire lifetime. If the ownership of an IoT system shall be transferred between two entities, secure ownership transfer arises.

In this paper we propose a protocol that enables secure ownership transfer of constrained IoT devices. The protocol is resource-efficient and only rely on symmetric cryptography for the IoT devices. The protocol has been rigorously analyzed to prove the state security requirements. The security analysis has been done partially using formal protocol verification tools, particularly Tamarin Prover. To show our proposed protocol’s resource efficiency, we have done a proof of concept implementation. This implementation, for constrained IoT devices, has been used to verify the efficiency of the protocol. The results presented in this paper, an extend version of previously published work on secure ownership transfer protocols for constrained IoT devices by the same authors.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Inferring Sensitive Information in Cryptocurrency Off-Chain Networks Using Probing and Timing Attacks

next chapter Untangling the XRP Ledger: Insights and Analysis

These keys are included not to give protection against IoT compromise but to make denial-of-service type of attacks less likely.

https://github.com/Gunzter/iot-ownership-transfer-protocol-tamarin-model.

https://github.com/contiki-ng/contiki-ng.

https://github.com/Zolertia/Resources/wiki/Firefly.

https://ftp.gnu.org/old-gnu/Manuals/binutils-2.12/html_node/binutils_8.html.

https://sourceware.org/binutils/docs/binutils/nm.html.

Aghili, S.F., Mala, H., Shojafar, M., Peris-Lopez, P.: LACO: lightweight three-factor authentication, access control and ownership transfer scheme for e-health systems in IoT. Future Gener. Comput. Syst. 96, 410–424 (2019). https://doi.org/10.1016/j.future.2019.02.020, http://www.sciencedirect.com/science/article/pii/S0167739X18331297

Alblooshi, M., Salah, K., Alhammadi, Y.: Blockchain-based ownership management for medical IoT (MIoT) devices. In: 2018 International Conference on Innovations in Information Technology (IIT), pp. 151–156. IEEE (2018)

Altun, C., Tavli, B., Yanikomeroglu, H.: Liberalization of digital twins of IoT-enabled home appliances via blockchains and absolute ownership rights. IEEE Commun. Mag. 57(12), 65–71 (2019)CrossRef

Bagheri, N., Aghili, S.F., Safkhani, M.: On the security of two ownership transfer protocols and their improvements. Int. Arab J. Inf. Technol. 15(1), 87–93 (2018). https://iajit.org/PDF/January%202018,%20No.%201/8266.pdf. Accessed 07 Jan 2022

Basin, D., Cremers, C., Dreier, J., Sasse, R.: Symbolically analyzing security protocols using tamarin. ACM SIGLOG News 4(4), 19–30 (2017). https://doi.org/10.1145/3157831.3157835, https://hal.archives-ouvertes.fr/hal-01622110

Borah, M.D., Naik, V.B., Patgiri, R., Bhargav, A., Phukan, B., Basani, S.G.M.: Supply chain management in agriculture using blockchain and IoT. In: Kim, S., Deka, G.C. (eds.) Advanced Applications of Blockchain Technology. SBD, vol. 60, pp. 227–242. Springer, Singapore (2020). https://doi.org/10.1007/978-981-13-8775-3_11CrossRef

Bormann, C., Ersue, M., Keranen, A.: Terminology for constrained-node networks. Internet Engineering Task Force (IETF): Fremont, CA, USA, pp. 1721–2070 (2014)

Burmester, M., de Medeiros, B., Motta, R.: Provably secure grouping-proofs for RFID tags. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 176–190. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85893-5_13CrossRef

Cao, T., Chen, X., Doss, R., Zhai, J., Wise, L.J., Zhao, Q.: RFID ownership transfer protocol based on cloud. Comput. Networks 105, 47–59 (2016). https://doi.org/10.1016/j.comnet.2016.05.017, http://www.sciencedirect.com/science/article/pii/S1389128616301621

10.

Díaz, M., Martín, C., Rubio, B.: State-of-the-art, challenges, and open issues in the integration of internet of things and cloud computing. J. Network Comput. Appl. 67, 99–117 (2016)CrossRef

11.

Dolev, D., Yao, A.C.: On the security of public key protocols. In: Proceedings of the 22nd Annual Symposium on Foundations of Computer Science, pp. 350–357. SFCS 1981. IEEE Computer Society, Washington, DC (1981). https://doi.org/10.1109/SFCS.1981.32

12.

Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theor. 29(2), 198–208 (1983)MathSciNetCrossRef

13.

EPCglobal Inc.: EPC Radio-Frequency Identity Protocols Generation-2 UHF RFID. Report 1.2.0, EPCglobal Inc. (2008)

14.

Eronen, P., Nir, Y., Hoffman, P.E., Kaufman, C.: Internet Key Exchange Protocol Version 2 (IKEv2). RFC 5996 (2010). https://doi.org/10.17487/RFC5996, https://rfc-editor.org/rfc/rfc5996.txt

15.

Fielding, R.: Representational state transfer. In: Architectural Styles and the Design of Network-Based Software Architecture, pp. 76–85 (2000)

16.

Gunnarsson, M., Gehrmann, C.: Secure ownership transfer for the internet of things. In: 6th International Conference on Information Systems Security and Privacy, ICISSP 2020, 25 February 2020 through 27 February 2020, pp. 33–44. SciTePress (2020)

17.

He, L., Gan, Y., Yin, Y.: Secure group ownership transfer protocol with independence of old owner for RFID tags. Comput. Model. New Technol. 18(12B), 209–214 (2014). http://www.cmnt.lv/upload-files/ns_63brt035

18.

Islam, M.N., Kundu, S.: IoT security, privacy and trust in home-sharing economy via blockchain. In: Choo, K.-K.R., Dehghantanha, A., Parizi, R.M. (eds.) Blockchain Cybersecurity, Trust and Privacy. AIS, vol. 79, pp. 33–50. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-38181-3_3CrossRef

19.

Kapoor, G., Piramuthu, S.: Protocols for objects with multiple RFID tags. In: 2008 16th International Conference on Advanced Computing and Communications, pp. 208–213, December 2008. https://doi.org/10.1109/ADCOM.2008.4760450

20.

Kapoor, G., Zhou, W., Piramuthu, S.: Multi-tag and multi-owner RFID ownership transfer in supply chains. Decis. Support Syst. 52(1), 258–270 (2011)CrossRef

21.

Khan, M.S.N., Marchal, S., Buchegger, S., Asokan, N.: chownIoT: enhancing IoT privacy by automated handling of ownership change. In: Kosta, E., Pierson, J., Slamanig, D., Fischer-Hübner, S., Krenn, S. (eds.) Privacy and Identity 2018. IAICT, vol. 547, pp. 205–221. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-16744-8_14CrossRef

22.

Lanza, J., et al.: Managing large amounts of data generated by a smart city internet of things deployment. Int. J. Semant. Web Inf. Syst. 12(4), 22–42 (2016). https://doi.org/10.4018/IJSWIS.2016100102

23.

Leng, X., Mayes, K., Lien, Y.: Ownership management in the context of the internet of things. In: 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, pp. 150–153. IEEE (2014)

24.

Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_48CrossRef

25.

Müller, R., Schmitt, C., Kaiser, D., Waldvogel, M.: HomeCA: Scalable Secure IoT Network Integration. Gesellschaft für Informatik eV (2019)

26.

Oded, G.: Foundations of Cryptography: Basic Applications, vol. 2, 1st edn. Cambridge University Press, New York (2009)MATH

27.

Pradeep, B.H., Singh, S.: Ownership authentication transfer protocol for ubiquitous computing devices. In: 2013 International Conference on Computer Communication and Informatics, pp. 1–6, January 2013. https://doi.org/10.1109/ICCCI.2013.6466133

28.

Rescorla, E., Modadugu, N.: Datagram Transport Layer Security Version 1.2. RFC 6347, January 2012. https://doi.org/10.17487/RFC6347, https://rfc-editor.org/rfc/rfc6347.txt

29.

Roman, R., Najera, P., Lopez, J.: Securing the Internet of Things. Computer 44(9), 51–58 (2011). https://doi.org/10.1109/MC.2011.291CrossRef

30.

Saied, Y.B., Olivereau, A.: D-hip: a distributed key exchange scheme for hip-based internet of things. In: 2012 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM), pp. 1–7, June 2012. https://doi.org/10.1109/WoWMoM.2012.6263785

31.

Saito, J., Imamoto, K., Sakurai, K.: Reassignment scheme of an RFID tag’s key for owner transfer. In: Enokido, T., Yan, L., Xiao, B., Kim, D., Dai, Y., Yang, L.T. (eds.) EUC 2005. LNCS, vol. 3823, pp. 1303–1312. Springer, Heidelberg (2005). https://doi.org/10.1007/11596042_132CrossRef

32.

Schaad, J.: CBOR object signing and encryption (COSE). RFC 8152, RFC Editor, July 2017

33.

Sedlak, K., Zih, J., Pirc, M., Osvald, U.: 0xcert protocol (2019)

34.

Sundaresan, S., Doss, R., Zhou, W., Piramuthu, S.: Secure ownership transfer for multi-tag multi-owner passive RFID environment with individual-owner-privacy. Comput. Commun. 55, 112–124 (2015). https://doi.org/10.1016/j.comcom.2014.08.015, http://www.sciencedirect.com/science/article/pii/S0140366414003053

35.

Tam, P., Newmarch, J.: Protocol for ownership of physical objects in ubiquitous computing environments. In: IADIS International Conference E-Society, vol. 2004, pp. 614–621 (2004)

36.

Taqieddin, E., Al-Dahoud, H., Niu, H., Sarangapani, J.: Tag ownership transfer in radio frequency identification systems: a survey of existing protocols and open challenges. IEEE Access 6, 32117–32155 (2018)CrossRef

37.

Texas Instruments, I.: CC2538 powerful wireless microcontroller system-on-chip for 2.4-GHz IEEE 802.15. 4, 6lowpan, and ZigBee applications. CC2538 datasheet, April 2015

38.

Tschofenig, H., Fossati, T.: Transport layer security (TLS)/datagram transport layer security (DTLS) profiles for the internet of things. In: RFC 7925. Internet Engineering Task Force (2016)

39.

Vasseur, J.: Terms used in routing for low-power and lossy networks. Technical Report, RFC 7102, January 2014

40.

Vögler, M., Schleicher, J.M., Inzinger, C., Dustdar, S.: A scalable framework for provisioning large-scale IoT deployments. ACM Trans. Internet Technol. 16(2), 11:1–11:20 (2016). https://doi.org/10.1145/2850416

41.

Wood, G., et al.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Project Yellow Pap. 151(2014), 1–32 (2014)

42.

Zhang, L., Zhang, Y., Tang, S., Luo, H.: Privacy protection for e-health systems by means of dynamic authentication and three-factor key agreement. IEEE Trans. Ind. Electron. 65(3), 2795–2805 (2017)CrossRef

43.

Zhou, W., Yoon, E.J., Piramuthu, S.: Simultaneous multi-level RFID tag ownership and transfer in health care environments. Decis. Support Syst. 54(1), 98–108 (2012)CrossRef

44.

Zuo, Y.: Changing hands together: a secure group ownership transfer protocol for RFID tags. In: 2010 43rd Hawaii International Conference on System Sciences (HICSS), pp. 1–10. IEEE (2010)

Title: Secure Ownership Transfer for Resource Constrained IoT Infrastructures
Authors: Martin Gunnarsson
Christian Gehrmann
Publisher: Springer International Publishing
Book: Information Systems Security and Privacy
Print ISBN: 978-3-030-94899-3

Electronic ISBN: 978-3-030-94900-6

Copyright Year: 2022
DOI: https://doi.org/10.1007/978-3-030-94900-6_2

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner